CVE-2023-32423: 
Apple Safari vulnerability analysis and mitigation

A buffer overflow vulnerability (CVE-2023-32423) was discovered in WebKit, affecting multiple Apple operating systems including watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. The vulnerability was disclosed and patched in May 2023. When processing web content, this vulnerability could potentially disclose sensitive information (Apple Support, NVD).

The vulnerability is a buffer overflow issue in WebKit, Apple's browser engine. It was assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The issue was addressed by implementing improved memory handling mechanisms. The vulnerability is classified as CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (NVD).

When exploited, this vulnerability could allow processing web content to disclose sensitive information. The vulnerability affects the confidentiality of the system but does not impact integrity or availability (Apple Support).

Apple has released security updates to address this vulnerability in multiple operating systems. Users should update to watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 or iPadOS 16.5 or later versions to mitigate this vulnerability (Apple Support).